Auditing Project Token Activity
Release notes
Problem to solve
While audit events are generated when project access token was successfully created or revoked (Introduced in GitLab 13.9), there are no audit events when the project token is actually used. This will be a critical issue when a cybersecurity event occurs as there is no audit trail to quickly identify who / how the token has been used. Especially, when the project token feature is enabled by default.
Proposal
Edited by Benjamin Ma